CVE-2008-0088
https://notcve.org/view.php?id=CVE-2008-0088
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. Vulnerabilidad sin especificar en Active Directory de Microsoft Windows 2000 y Windows Server 2003 y Active Directory Application Mode (ADAM) de XP y Server 2003. Permite a atacantes remotos provocar una denegación de servicio (cuelgue y reinicio) a través de una petición LDAP manipulada. • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28764 http://www.securityfocus.com/bid/27638 http://www.securitytracker.com/id?1019382 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0505/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5181 • CWE-20: Improper Input Validation •
CVE-2007-5352
https://notcve.org/view.php?id=CVE-2007-5352
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. Vulnerabilidad no especificada en Local Security Authority Subsystem Service (LSASS) en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 SP1 y SP2 permite a usuarios locales ganar privilegios a través de una respuesta de procedimiento de llamada local (LPC). • http://secunia.com/advisories/28341 http://securitytracker.com/id?1019165 http://www.kb.cert.org/vuls/id/410025 http://www.securityfocus.com/archive/1/486317/100/0/threaded http://www.securityfocus.com/bid/27099 http://www.us-cert.gov/cas/techalerts/TA08-008A.html http://www.vupen.com/english/advisories/2008/0070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/39233 https://oval.cisecurity& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5355
https://notcve.org/view.php?id=CVE-2007-5355
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. La característica Web Proxy Auto-Discovery en Microsoft Internet Explorer 6 y 7, cuando un sufijo de DNS primario con tres o más componentes es configurado, resuelve nombre de host wpad no cualificado en un dominio de segundo nivel fuera de este dominio configurado en el DNS, lo cual permite a servidores WPAD llevar a cabo ataques de hombre en el medio (MITM, man-in-the-middle). • http://secunia.com/advisories/27901 http://support.microsoft.com/kb/945713 http://www.microsoft.com/technet/security/advisory/945713.mspx http://www.securityfocus.com/bid/26686 http://www.securitytracker.com/id?1019033 http://www.vupen.com/english/advisories/2007/4064 •
CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente "notificaciones" de disposición de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener información sensible de otros dominios de Internet Explorer, también conocida como "Vulnerabilidad de Revelación de Información de Dominios Cruzados en Análisis de Disposición de Contenido" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability). • http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35346 http://secunia.com/advisories/25639 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24410 http://www.securitytracker.com/id?1018233 http://www.securitytracker.com/id?1018234 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http •
CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permite a atacantes remotos obtener información sensible de ostros dominios de Internet Explorer, también conocida como "Vulnerabilidad de revelación de información de dominios cruzados en el análisis URL" (URL Parsing Cross Domain Information Disclosure Vulnerability). • http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35345 http://secunia.com/advisories/25639 http://www.kb.cert.org/vuls/id/682825 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24392 http://www.securitytracker.com/id?1018231 http://www.securitytracker.com/id?1018232 http://www •